Sean Joyce, left, former deputy director of the FBI, and former NSA Director Keith Alexander speak at Rethink Cyber in New York City, Oct. 30, 2017.
Photo: Rethink Cyber

NEW YORK - The U.S. government and the private sector need to work together much more in order to prevent cyber attacks, said the former directors of the Federal Bureau of Investigation and the National Security Agency at a cybersecurity event Monday.

Keith Alexander, former director of the NSA, said at the Rethink Cyber conference that the exchange of information between governments and businesses is crucial to help thwart cyber attacks by nation-states and other malicious actors.

“My experience in dealing with some of these nation-state actors is their persistence and ability to go into the networks (makes it) almost impossible for a company to individually defend,” said Mr. Alexander, also president and CEO of IronNet Cybersecurity Inc. and former commander for U.S. Cyber Command. “It’s one of the prime reasons that government and industry have to work together.”

Perpetrators of cyber attacks include the “usual suspects” such as China and Russia, said Sean Joyce, former deputy director of the FBI. But what worries him most are the “unpredictables” such as North Korea and Iran. “When you look at what (they’ve) done as far as investing in their cyber warriors and the types of things they’re willing to do as nation states, it has really changed the paradigm and the threat landscape and we have to be prepared,” he said.

Messrs. Joyce and Alexander spoke at the Rethink Cyber event hosted in part by Israel’s cybersecurity incubator and think-tank, Team8. Security executives at the conference shared insights and advice on the rapidly evolving cybersecurity landscape.

Mr. Joyce, now a consultant on cybersecurity strategy, said he spent more than 26 years with the FBI, but he would have been a better leader and executive if he had taken a year off to work with a company and understand their cybersecurity challenges better. The government, for example, doesn’t often understand what it’s like for an enterprise to have to maintain and patch legacy IT systems, he said.

“Without question, it has to be a partnership,” he said.

Companies are often hesitant to go to the government for help because there’s a lack of trust, or they’re afraid that regulators will get involved, Mr. Joyce said. But during his time at the FBI, he said he kept information about breaches confidential and “there wasn’t a single occasion where we told a regulator about a breach.”

The average organization manages 55 security solutions ranging from endpoint security to infrastructure security and application security, and is spending $11.9 million per year responding to security incidents, said Tom Parker, group technology officer at Accenture Security, at the conference.